import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

public class jdbcdemo6_UserLogin {

    public void testLogin() throws Exception {
        Class.forName("com.mysql.jdbc.Driver");
        /*本机MySQL并且端口3306可以简化书写
        String url = "jdbc:mysql://cc";
         */
        String url = "jdbc:mysql://192.168.2.131:3306/cc";
        String username = "root";
        String password = "abc123";
        Connection conn = DriverManager.getConnection(url, username, password);

        String name = "";
        String pwd = "";
        String sql = "select * from tb_user where username = '" + name + "' and password = '" + pwd + "'";

        Statement stmt = conn.createStatement();

        ResultSet rs = stmt.executeQuery(sql);

        if (rs.next()) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败");
        }


        rs.close();
        stmt.close();
        conn.close();
    }


    public void testLogin_Inject() throws Exception {
        Class.forName("com.mysql.jdbc.Driver");
        /*本机MySQL并且端口3306可以简化书写
        String url = "jdbc:mysql://cc";
         */
        String url = "jdbc:mysql://192.168.2.131:3306/cc";
        String username = "root";
        String password = "abc123";
        Connection conn = DriverManager.getConnection(url, username, password);

        String name = "dasjhflkas";
        String pwd = "' or '1' = '1";
        String sql = "select * from tb_user where username = '" + name + "' and password = '" + pwd + "'";

        Statement stmt = conn.createStatement();

        ResultSet rs = stmt.executeQuery(sql);

        if (rs.next()) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败");
        }


        rs.close();
        stmt.close();
        conn.close();
    }
}

